X-Git-Url: http://git.dj3c1t.com/?a=blobdiff_plain;f=mw%2Fapp%2Fdata%2Fmodules%2Fshare%2Fmw_data_users_sessions.php;h=df81d465ac1a16d35cfe2d5c669a1266e51be2ea;hb=ed558d720ebf6985290c99297f5b1d2c86d1f60a;hp=daabe2bbc20c82734b477cbd7c09398a52011011;hpb=e1b64e4088232b9d7b4acb2dc24279bb38fcafba;p=mtweb diff --git a/mw/app/data/modules/share/mw_data_users_sessions.php b/mw/app/data/modules/share/mw_data_users_sessions.php index daabe2b..df81d46 100644 --- a/mw/app/data/modules/share/mw_data_users_sessions.php +++ b/mw/app/data/modules/share/mw_data_users_sessions.php @@ -4,8 +4,12 @@ var $user; - function login($login, $password){ - if(($user = $this->user($login)) !== false){ + function login($login, $password, $reference_user = null){ + if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){ + if(isset($reference_user) && $login != $reference_user["login"]){ + $this->clear_session(); + return array(); + } if($this->password_ok($user, $password)){ if(!$this->set_session($user)) $user = false; } 
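Review bot: The new guard in login() compares `$login != $reference_user["login"]` with loose inequality, so two different numeric-looking login strings can compare equal under PHP's type juggling and pass the check against the caller-supplied record; use `if(isset($reference_user) && $login !== $reference_user["login"]){`. The mismatch branch also returns `array()`, while the failure path visible here sets `$user = false`, so a caller testing `=== false` may treat the two outcomes differently; returning `false` would be consistent. Since `$reference_user` replaces the `$this->user($login)` lookup entirely, a comment stating which callers may pass it and where the record must come from would help. login()'s body continues past the end of the hunk.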
@@ -23,31 +27,43 @@ function user_ok($user){ return - strcmp(md5($user["password"].$_SESSION["id"]), $_SESSION["pass"]) == 0 - && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"]; + (isset($_SESSION[$this->app_session_key()]["id"])) + && (isset($_SESSION[$this->app_session_key()]["pass"])) + && (isset($_SESSION[$this->app_session_key()]["ip"])) + && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $_SESSION[$this->app_session_key()]["pass"]) == 0) + && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]); } function password_ok($user, $password){ if(!$user) return false; - return - strcmp(md5($user["password"].$_SESSION["id"]), $password) == 0 - && $_SESSION["ip"] == $_SERVER["REMOTE_ADDR"]; + $OK = + (isset($_SESSION[$this->app_session_key()]["id"])) + && (isset($_SESSION[$this->app_session_key()]["ip"])) + && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0) + && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]) + ; + return $OK; } # ---------------------------------------------------------------------------------------- # session # - function load_session(){ + function app_session_key(){ + $env = $this->env(); + return "mw_".str_replace("/", "_", $env->path("web")); + } + + function load_session($reference_user = null){ @session_start(); - if(!isset($_SESSION["id"])) $this->clear_session(); + if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session(); $user = array(); - if(isset($_SESSION["user"])){ - $user = $this->user($_SESSION["user"]); + if(isset($_SESSION[$this->app_session_key()]["user"])){ + $user = isset($reference_user) ? 
$reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]); } - elseif(isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){ - if($user = $this->user($_COOKIE["user"])){ - $user["password"] = $_COOKIE["pass"]; + elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){ + if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){ + $user["password"] = $_COOKIE[$this->app_session_key()."_pass"]; $this->set_session($user); } } 
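Review bot: Both user_ok() and password_ok() still decide with `strcmp(md5(...), ...) == 0`, which is not a constant-time comparison and, on PHP versions before 8, evaluates to true when strcmp() returns null for a non-string argument. If `$password` can arrive from request data (not visible here), check the type and compare with `is_string($password) && hash_equals(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password)`, and use hash_equals() for the session `pass` value in user_ok() as well. Separately, load_session() copies the `_pass` cookie into `$user["password"]` before calling set_session(), so whether that value is ever checked against the stored one depends on code outside the hunk; that deserves an explicit check or at least a comment.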
@@ -63,23 +79,29 @@ } function set_session($user){ - $_SESSION["user"] = $user["login"]; - $_SESSION["pass"] = md5($user["password"].$_SESSION["id"]); + if(!isset($_SESSION[$this->app_session_key()])) $this->clear_session(); + $_SESSION[$this->app_session_key()]["user"] = $user["login"]; + $_SESSION[$this->app_session_key()]["pass"] = md5($user["password"].$_SESSION[$this->app_session_key()]["id"]); $env = $this->env(); return - setcookie("user", $user["login"], time() + (60 * 60 * 24 * 7), $env->path("web")) - && setcookie("pass", $user["password"], time() + (60 * 60 * 24 * 7), $env->path("web")); + @setcookie($this->app_session_key()."_user", $user["login"], time() + (60 * 60 * 24 * 7), "/") + && @setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), "/"); } function clear_session(){ - unset($_SESSION["user"]); - unset($_SESSION["pass"]); - $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"]; - $_SESSION["id"] = md5(rand()); - $env = $this->env(); + unset($_SESSION[$this->app_session_key()]); + $_SESSION[$this->app_session_key()] = array( + "ip" => $_SERVER["REMOTE_ADDR"], + "id" => md5(rand()) + ); return - setcookie("user", "", 0, $env->path("web")) - && setcookie("pass", "", 0, $env->path("web")); + @setcookie($this->app_session_key()."_user", "", 0, "/") + && @setcookie($this->app_session_key()."_pass", "", 0, "/"); + } + + function set_session_user($user){ + $this->set_session($user); + $this->user =& $user; } function get_session_user(){
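Review bot: set_session() now writes `$user["password"]` into a seven-day cookie scoped to `"/"` instead of `$env->path("web")`, so the value load_session() later accepts as the user's password is sent to every path on the host, and no `secure` or `httponly` flag is passed. Keep the narrower path and set the flags, e.g. `setcookie($this->app_session_key()."_pass", $user["password"], time() + (60 * 60 * 24 * 7), $env->path("web"), "", true, true)` (with `secure` true only where the site is served over HTTPS), or better, store a random server-side token instead of the password field. The `@` prefix also hides a failed setcookie() when headers are already sent, which the `&&` return value is meant to report. In clear_session(), `md5(rand())` is a predictable source for the per-session `id` that salts the `pass` digest; `bin2hex(random_bytes(16))` is a drop-in replacement where PHP 7 is available.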